What are /r/Puppet's favorite Products & Services?

From 3.5 billion Reddit comments

You can specify a version:

package { 'php' : ensure => '5.2' , } However, if that version of PHP RPM/Deb/package isn't available in your upstream repo, then you'll want to either:

Find an alternate repo that has that package, and add it to your repo list Set up your own repo with the package Install from your filesystem, by providing a path to the package: package { 'php' : ensure => '5.2' , source => '/some/path/to/php-5.2.rpm' , }

SOURCE: https://stackoverflow.com/questions/11614413/puppet-specifying-a-version-of-a-package-to-install

Hi,

Sorry it took a while to get back to you but I think I found a solution for you.

First, check out both of these related articles. http://comments.gmane.org/gmane.comp.sysutils.augeas.devel/4400 https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/puppet-users/0ZN5oDOZyOY/N_MJDC2xQosJ

I noticed people attempting to do the same. What if you tried this?

context => '/files/etc/fstab/*[vfstype=xfs]', changes => [ 'rm opt', 'ins opt after vfstype[last()]', 'set opt[last()] "defaults"', 'set opt[last()] "nobarrier"',

I think that will

• look at each line containing the filesystem 'xfs'.
• remove the options after filesystem type
• insert options after filesystem type
• set option defaults
• set option nobarrier

I would also experiment with augtool and try matching/inserting with the tool first. when you've got it with augtool you can translate into puppet code.

Where did you get your install packages from?

I would start with the documentation here: https://docs.puppet.com/puppet/4.9/install_pre.html#document-nav

As well as this: https://www.digitalocean.com/community/tutorials/how-to-install-puppet-4-in-a-master-agent-setup-on-ubuntu-14-04

So you have some terms mixed up. Foreman is not creating the config, your telling puppet via foreman how to manage a node.

The term you are looking for is node classification. This link has more then you need but explains how you can start doing this: https://www.digitalocean.com/community/tutorials/how-to-use-foreman-to-manage-puppet-nodes-on-ubuntu-14-04

Another thing you can use is hiera to classify nodes: https://docs.puppet.com/hiera/3.3/complete_example.html#assigning-a-class-to-a-node-with-hiera

Hope that helps!

The foreman doesn't support defined types, which makes creating multiple instances of a resource hard.

The generally best accepted practice is to put the resource declaration inside hiera and use create_resource to declare your cron jobs.

Here is more information: https://groups.google.com/forum/#!topic/foreman-users/o-Sqjo-n21A

Also, you will want to use roles and profiles http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-2/

https://groups.google.com/forum/#!topic/puppet-announce/7f5W_Hmqjss

Theoretically if you've never opened up your Puppet master to the Internet at large you don't need to regenerate your master cert which would require new client certs as well. However in practice I believe most Puppet users are planning to regenerate their certs. I certainly am.

Foreman currently requires 3.x, you need to use the regular non-PC1 repository and should have the "puppet" package installed. The quickstart shows which Puppet Labs repository to configure. You can either reinstall or downgrade the package back to puppet-3.8.6.

> So my idea was to configure seperate config groups for chrony servers and clients which I attach to the hosts (or host groups). > > At this point I can not find where to specify seperate parameters for the two config groups.

Use config groups as a way to attach multiple classes to a host or host group in one click. So a LAMP config group may add a class to configure Apache, plus some monitoring, plus a MySQL database class etc.

Use host groups as a way to specialise and classify your hosts as a hierarchy. You can override class parameters on a host group or at a host level, for example.

Note that you can also change class parameters based on facts and any attribute apart from config groups via Configure > Puppet classes. See the smart matchers docs for some info: http://theforeman.org/manuals/1.9/index.html#4.2.6SmartMatchers

You need to add the VMware host as a compute resource. This is how Foreman is intended to manage the complete life cycle. I haven't done it for VMware, but have for KVM.

This is really a SSH question, rather than a Puppet question.

If you are comfortable disabling password logins globally, simply use PasswordAuthentication no

Otherwise, I googled the answer for you...

http://serverfault.com/questions/285800/how-to-disable-ssh-login-with-password-for-some-users

This is a sshd_setting. You can either manage the whole file using a single file resource, or edit it piece-meal using the sshd_config provider from augeas providers module (or Augeas directly.)

Because I saw this and thought "free beer" + Puppet ... ?

Here's what FreeIPA is from freeipa.org:

> FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System). It consists of a web interface and command-line administration tools.

> FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers.

> FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks.

> Multiple FreeIPA servers can easily be configured in a FreeIPA Domain in order to provide redundancy and scalability. The 389 Directory Server is the main data store and provides a full multi-master LDAPv3 directory infrastructure. Single-Sign-on authentication is provided via the MIT Kerberos KDC. Authentication capabilities are augmented by an integrated Certificate Authority based on the Dogtag project. Optionally Domain Names can be managed using the integrated ISC Bind server.

> Security aspects related to access control, delegation of administration tasks and other network administration tasks can be fully centralized and managed via the Web UI or the ipa Command Line tool.

Learning Puppet 4, though two major revisions behind, was a really good run through of the architecture and how to use it. Would recommend.

Convert the IPv4 address to a 32bit integer. That's simple and should be unique within any replication scheme. Not exactly sure how you'd need to format it in Hiera, but the follow code in the link should work.

https://groups.google.com/forum/#!msg/puppet-users/b-2N3v-3sz0/Gx2Gcsxh8mwJ

Try this walkthrough instead, it's written from a more basic standpoint and doesn't involved puppet agent/master.

The module will install and configure chocolatey for you, the forge read me is pretty much a step by step on how to do that.

If you need context of what chocolatey is and how to use it, the website for that product should help you out https://chocolatey.org/

Generally speaking, we'd suggest packaging your thing up as a Chocolatey package because that would let you manage it with Puppet or other tooling, perform upgrades, etc. Maybe check and see if that meets your needs.

Running facter is one of the very first things Puppet does when you start a Puppet run. Facter uses various sources, mostly Ruby scripts, to build a data structure of all of the things that are known about the server. The Puppet agent then sends that data to the Puppet master, where it's used to classify the agent, and then compile a catalog that the agent will subsequently apply.

Puppet code itself is just a DSL. There are some conditional statements and other functions to add functionality, but it's not as flexible as a language like Ruby or Python. The trade-off is that it's easier to write and maintain.

Here's a link to the exec/onlyif approach. http://serverfault.com/questions/516917/how-to-do-a-file-dir-exists-conditional-in-puppet

The down side to this used to be that if the exec ran, it would mess up the reporting because the Exec resource would change every time Puppet ran, which would make it look like every Puppet run made changes. This was the biggest factor in deciding to go the custom fact route. I'm not sure if there's a work around for this issue these days.

Another alternative would be to package your files in an rpm or deb using something like FPM, and then write your logic into the package.

If there's an actual DHCP on the subnet which it's on then maybe the virtual network card is misconfigured. Go to settings, network and select another one from the "Attached to:" drop down.

NAT -> Connected to a virtual network on your computer which uses your computers external IP to reach outside resources. Bridged -> Connected to the same network as your own computer.

read more on: https://www.virtualbox.org/manual/ch06.html

Well, if you heard it once than it must be true.

I found this: https://www.slideshare.net/mobile/PuppetLabs/gordonsydney

It suggests that Google doesn't use Puppet for any customer facing services. It also suggests they had many Puppet masters but may have switched to masterless for their laptops/desktops. That makes sense and is what I do with my own laptop.

You've got two options.

First, since you say they'll all be in the same directory, you can configure your OS and then trust that it will create new users in the proper location. Here's an example of what a /etc/default/useradd file might look like: http://www.linuxfromscratch.org/blfs/view/5.1/postlfs/skel.html

Or second, you can specify it in Puppet code just like you're doing now. Just drop the create_resources() stuff and iterate.

$external_users = lookup('company::external::server::users', {'default_value' => {}}) $external_users.each |$user, $attributes| { user { $user: ensure => present, password => $attributes['password'], uid => $attributes['uid'], comment => $attributes['comment'], managehome => true, home => "/path/to/home/${user}", } }

I have not used Foreman in a while, but this page has some information on Puppet environments: http://theforeman.org/manuals/1.11/index.html#4.2ManagingPuppet . I would either attempt to rename your environment to remove the dash or replace it with underscore. Also puppet-ca I believe is a Class that Puppet uses internally in a Puppet Master environment to define the node used to sign certificates. If possible, it would be better to use a different name for your environment so that it does not conflict.

If 'puppet-ca' is not the name of the environment assigned to your nodes, then this could indicate a totally different issue.

Was this working and then just stopped, or is this a new environment/setup that you are working through? Do you have non-OS X nodes working with the same setup (assigned environment, classes, etc)?

Basically, to answer your example, you would need 2 classes:

ntp::server, to configure your servers ntp::client, to configure your clients.

IIRC in foreman you can configure classes to set them to given hosts: http://theforeman.org/manuals/1.9/index.html#4.2.2Classes

For the Katello.org web page you are correct, but I have found that the Red Hat Satellite Server 6 documentation is 1 for 1 the same product, and excellent documentation in general.

If you pm me your email I will forward the PDFs to you.

-edit

Here is a dump of the docs: https://www.dropbox.com/sh/27g7e2b2porw9up/AABSecr8OC_J7_aPPUT9pz_Xa?dl=0

-edit2

Since Katello's core is Foreman, foreman plugins and documentation work extremely well also. Anything not covered in the Red Hat docs will be covered in the Foreman docs here: http://theforeman.org/manuals/1.8/index.html

You might classify your nodes as development, qa, staging, release-candidate, or production with an external node classifier (ENC) instead of complicating your puppet conf or using Heira. An example of an open source tool to use as an ENC would be The Foreman. Of course, if you've got Puppet Enterprise you can use the web app that comes with it as an ENC.

> solution... needs more thought and analysis than a single blog post

Nix papers, including the Phd thesis of the author

or you can just try Nix out :)

Handing off is relatively simple. You need pxechain.com from syslinux in your tftp root (Foreman server) and then your Windows PXE template in Foreman just looks like this;

DEFAULT windows LABEL windows kernel pxechain.com append ##WDSIP##::Boot\x86\wdsnbp.com

> I have read about vagrant and puppet and I am convinced it is the way to do software development.

Said somebody who hasn't discovered docker yet =)

Here is a small 1-off project I build with vagrant and puppet. You can hack around with it to see how all the pieces (vagrant, puppet, puppet-librarian) come together if you want.

Sorry, I should have also said that I've already got chocolatey installed on the servers via

iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))

When I make that class, do I need to make it into a module? All of the quick-start tutorials seemed to have me walking through downloading modules that added available classes and I'm not clear on how to just create a simple class rather than going the module route.

Make them read this. Just got finished, next time I need to sell the idea of good devops i'm going to be getting management to read this book rather then trying to explain it myself.

I like Puppet 4 Essentials.

For Chocately, Puppetlabs has a course on Windows management, but I haven't taken it. The windows guy at work says it is okay

Awesome! Glad everything is working. If you are looking for a book, Pro Puppet is really good. I'm not sure if/when they are going to update it for Puppet 4, but the latest version has a lot of great stuff on Puppet 3.

Amazon: Pro Puppet 2nd Ed.

Apress: Pro Puppet 2nd Ed.

First off, welcome to puppet! I don't know how you want to structure your layout, but within my manifests I define modules/account/sysadmins.pp and in there I include something like

account::user { grayson: no_ssh_private_key => true, groups => ['puppet'], ssh_public_keys =>'ssh-dss $];

It's good to define it here as it allow for a lot of availability. If you want to pick up a lot of tips about stuff like this, I reccomend this book